Dear Apple: Please Keep the iPhone Locked Down

Image of iPhone with padlockEver since Apple introduced the iPhone, first with no third-party apps allowed then permitting apps only under Apple’s strict supervision, there has been hand-wringing in some quarters of the tech world about how Apple’s locked-down mentality would stifle freedom and innovation. The latest blast  against “Apple’s Crystal Prison”comes from the Electronic Frontier Foundation:

While Apple’s products have many virtues, they are marred by an ugly set of restrictions on what users and programmers can do with them. This is most especially true of iOS, though other Apple products sometimes suffer in the same way. In this article we will delve into the kinds of restrictions that Apple, phone companies, and Microsoft have been imposing on mobile computers; the excuses these companies make when they impose these restrictions; the dangers this is creating for open innovation; why Apple in particular should lead the way in fixing this mess. We also propose a bill of rights that need to be secured for people who are purchasing smartphones and other pocket computers.

Fortunately, there’s no reason to believe that Apple is listening to the siren song of openness coming from places like EFF, the Free Software Foundation, Harvard’s Berkman Center, and the Software Freedom Law Center. Completely open systems would give opportunities for anyone with programming skill to get into the guts of any device and see what he or she could do with it. It’s possible that some wonderful things might result. But this same openness clears a pathway for the malicious or the merely incompetent. I don’t care if people want to mess up their own systems, but I don’t want their badly written or downright evil software corrupting mine.

The importance of user experience. By maintaining rigid control over just what software can be loaded onto an iPhone or iPad, Apple has created one of the best user experiences ever. An app that I download from the iTunes App Store may be good, bad, or indifferent in terms of its functionality or its usefulness to me. But I can be confident that it is not going to make a mess of my phone or tablet. And if it does something it shouldn’t, like upload my entire address book without permission, I can be reasonably confident it will be fixed quickly. I don’t have this confidence about any other phone, tablet, or PC except perhaps the fading BlackBerry and the struggling Windows Phone, which have lock-down policies of their own.

For people who really want to mess with their iPhones, they can always jailbreak them and live with the consequences, including a loss of warranty protection. Apple has tried to stop jailbreaking, but has generally been unsuccessful. For the rest of us, the overwhelming majority, we are happy to accept Apple’s restrictions  as the price of increased security and usability. I hate giving up freedom for an illusion of security, but Apple, unlike the Department of Homeland Security, seems to be delivering the real thing.

Misunderstood Gatekeeper. The same folks complaining about the lockdown of iOS are also fretting about new policies for Mac software. But here they seem to be willfully misunderstanding what Apple is doing. Apple recognizes that a Mac is a very different beast than an iOS device and that the sort of restrictions it imposes on iPhones and iPads simply won’t work on Macs. The new Gatekeeper for OS X Mountain Lion does no prevent any user software from being installed. In its default configuration, it will warn against apps that are not digitally signed by a registered Apple developer, but users can easily override the caution and install what they want. Other settings restrict installation only to apps from the Mac App Store, which are approved by Apple and which must obey  new rules requiring sandboxing of apps, or, at the other extreme, allow the installation of anything without objection.

EFF concedes that “fortunately, it will be possible to turn this off in Mountain Lion and install apps from anywhere you want,” but adds, “Apple is continuing down the dangerous road of making their products less open.” Failing to produce evidence of this, EFF’s Micah Lee falls back on hypotheticals: “OS X software authors will find themselves subject to the whims of Apple HQ. What would Mozilla do if Apple refused to authorize Firefox for OS X Mountain Lion, in the same way that Apple refuses to allow a true version of Firefox for the iPhone? Watch half their Mac market share disappear?”

EFF closes with a “Bill of Rights for Mobile Computer Owners.” It’s a strange manifesto, focusing on issues that very, very few users care about, such as the freedom to install the Linux operating system on the phone of your choice. Considering how few people have chosen to install Linux on PCs, where it actually works reasonably well,  this doesn’t seem like a burning issue for most folks. There is nothing in the call about security or ease of use, issues that actually driver users’ choices. This has been a huge blind spot of the free and open software movement for years. And until they take usability seriously, they will be pushed further to the fringes of the tech world and more and more of what we do goes mobile.



Mountain Lion’s Gatekeeper Is Not a Slippery Slope

Apple’s announcement of Gatekeeper, an anti-malware component of the new version of OS X, has set off the predictable horrified reactions among tech bloggers. Many are warning that this is a step in Apple’s plot to turn the Mac into an iPhone-like walled garden. But the reactions seem to be made of up equal parts misinformation and paranoia.

Gatekeeper offers Mac users three options. At its most stringent, it will install only software downloaded from the Mac App Store. A middle setting allows downloads from anywhere, but will warn users against installing them unless the code has been signed by a registered Mac developer. The third option is essentially the pre-Mountain Lion status quo: Anything is allowed.

Much of the criticism focuses on the dialog generated by unsigned code when using the middle option. It warns that the code “has not been signed by a recognized developer.  You should move it to the trash.” At Gizmodo, Casey Chan writes: “But Gatekeeper could also be interpreted as Apple heavily discouraging less savvy users from installing non-Mac App Store apps entirely. It’s one step away from turning the current app freedom on the Mac into the app dictatorship of iOS.

At BoingBoing,  Rob Bechizza opines:

“At this point, the thing that unnerves me is not the prospect of Gatekeeper as a crude tool to herd OS X developers into a walled garden and crush freedom. It’s the fact that code-controlling technologies tend to have unintended consequences that harm, rather than guarantee, the quality of user experiences.

“The prospect of Apple becoming a desktop control freak, going full Sony on its own community to stop it using software the way it has for thirty years? Fun, but let’s wait until it actually happens.

“The truth is that Macs don’t currently suffer much from malicious software, and DRM-esque lockouts are always circumvented. So what’s the point of a DRM-esque system for malware prevention? A more pleasingly cynical answer is that it’s a marketing move, aimed as much at analyst-fed Mac malware hysterics in the tech press as it is at real threats. For everyday users, Gatekeeper’s more likely to echo the good old days of Vista’s “Cancel or Allow” than to save them from themselves.”

This is wrong on several levels. First, malware is a very real problem. It may not be much of one on Macs today, but the  increasingly murky swamp that is the Android app market should serve as a warning. Second, raising the issue of digital rights management is a complete red herring. Gatekeeper has nothing to do with DRM, whose purpose is to restrict unauthorized copying of content or to limit its use to specific devices. He is guilty of the very fear-mongering he accuses Apple of.

Give Apple a little credit for understanding  the difference between a Mac and an iOS device. At the introduction of the iPad, Steve Jobs compared the iPads to cars and Macs to trucks. His point was that a car is all most people need, but people who build stuff need trucks. As analogies go, this isn’t a bad one. And the people who need Macs need the freedom to choose their own software.

Another important point that seems to be getting lost: Developer approval, unlike inclusion in the App Store, does not imply that Apple has looked at the software itself. Anyone can become a registered  Apple developer by paying $99 a year and getting code approved for Gatekeeper’s middle option requires only that developers digitally sign their apps. This allows an app to be traced back to its author and lets Apple de-register developers who distribute bad code. Can this be abused? Of course. But it is on the whole a very good thing to add accountability to app distribution.

Finally, the “walled garden” charge is a bit silly because of how easy Apple makes it to change Gatekeeper settings. It’s just a click on the Security & Privacy system preference. This may sound  elitist but I am going to say it anyway. As I tweeted yesterday, anyone who cannot figure out how to change the setting probably needs the greatest protection. Anyone who doesn’t know enough about their Mac to change a simple preference needs someone to curate their software choices.


Mountain Lion Gets Serious About OS X App Security

Apple’s attitude towards OS X security has always been a bit equivocal. On a technical level, it has done a good job. OS X out of the box is reasonably secure and Apple keeps it that way with regular, usually monthly, updates.

Mountain LionBut Apple’s marketers have long seen the Mac’s perceived security edge over Windows as a competitive advantage, which leads them to disparage the idea that Mac owners need to much to protect their systems. This worked for a long time mostly because Windows presented the bad guys with so much greater a target of opportunity that few attacks targeted Macs. (In fact, the inherent security of OS X and windows have been pretty much even since the launch of Windows Vista.)

But the surge in the popularity of Apple products makes Macs a much more tempting target and with Max OAS X Mountain Lion, Apple is moving to get ahead of the problem. One of the new features in the OS is Gatekeeper, an optional whitelisting approach that should help keep the unwary from loading bad applications onto their Macs. Apps (and their cousins, browser plug-ins) rather than the operating system itself have become the leading vector of attacks since the quality of app code varies widely and apps are generally not subject to the same sort of security scrutiny that the OS goes through.

Related content: My Experience With The OS X Mountain Lion Developer Preview

With iOS, Apple takes a draconian approach to  whitelisting. The only way to load an app onto an  non-jailbroken iPhone or iPad is to download it from the iTunes App Store, which only distributes code that has been vetted by Apple. There had been rumblings that a similar approach might be taken with the Mac and even the hint of such a move suggested that Apple would face a firestorm from the Mac faithful if it imposed such severe restrictions.  So in Mountain Lion, it is taking a more nuanced approach.

Gatekeeper dialog box

Gatekeeper offers users three levels of security of app downloads. At its strictest level, it will allow only apps downloaded from the Mac App Store to be installed. This adds two kinds of protection. First, apps most be approved by Apple to get into the store. Second, new developer rules for the App Store sharply restrict  the amount of damage an app can do, although potentially at a considerable loss of functionality. Starting March 1, all apps submitted to the App Store must run in a “sandbox,” a restriction similar to that imposed on iOS developers, that limits a program’s access to system resources.

That will be too much security for many Mac users, since it would cripple many applications that depend on extensive communication with other apps–often the case in programs used for content creation or software development.  So Mountain Lion offers a more expansive option that allows installation of App Store downloads plus any app signed with a valid Apple developer ID. Before installation, the signature is checked against an Apple database to make sure the app has not been identified as malware, that the developer is not known to have distributed malware, and that the code has not been tampered with.

If you attempt to install code that lacks a valid signature, Mountain Lion will throw up a dialog box warning you. If you choose to install it anyway,  you can control-click the app or its installer and use the context menu to override Gatekeeper.

Finally, for those who prefer to live dangerous, and “Anywhere” setting allows promiscuous downloads without any warnings (an administrative password is till required for installation.)

I think Apple has hit this one right. There has been a lot of doomsaying on blogs that Apple was going to take the same locked-down approach to Mac apps that it does to iOS. But Gatekeeper’s tiered system shows that Apple understands there is a big difference between Mac (and Mac users) and iOS. I think the great majority of users will go for the middle option (isn’t that always the case when you are given three choices) since it provides the best tradeoff between security and functionality. On the whole, this is a big step forward by Apple that Microsoft ought to give a serious look at for Windows 8.